---

I. General Information

In the following, we inform you about the processing of personal data when using mindtrajour.com.

The entity responsible for data processing is:

MindTrajour UG (limited liability)
Larissa Lange
Straße der Jugend 18
14974 Ludwigsfelde
Email: datenschutz@mindtrajour.com

Protecting your privacy is very important to us. Therefore, please read this privacy policy carefully.

II. Scope of Data Processing, Processing Purposes, and Legal Bases

We detail the scope of data processing, purposes of processing, and legal bases below.

Art. 4 No. 1 GDPR: Personal data are all data that can be related to a specific natural person (e.g., their name or IP address).

Art. 4 No. 2 GDPR: "Processing" is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

The following legal bases are generally considered for data processing:

• Art. 6 (1) Sentence 1 lit. a GDPR serves as our legal basis for processing operations for which we obtain consent.
• Art. 6 (1) Sentence 1 lit. b GDPR is the legal basis if the processing of personal data is necessary for the performance of a contract, e.g., when a visitor purchases a product from us or we provide a service for them. This legal basis also applies to processing required for pre-contractual measures, such as inquiries about our products or services.
• Art. 6 (1) Sentence 1 lit. c GDPR applies if we need to fulfill a legal obligation by processing personal data, such as for tax law.
• Art. 6 (1) Sentence 1 lit. f GDPR serves as a legal basis when we process personal data based on legitimate interests, such as for cookies necessary for the technical operation of our website.

III. Data Transfer Outside the EU

1. Data Transfer Based on an Adequacy Decision Pursuant to Art. 45 GDPR

If we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission under Art. 45 (3) GDPR ensure the safety of the data transfer, where available, as is the case for the UK, Canada, and Israel.

2. Data Transfer to the USA

On July 10, 2023, the Data Privacy Framework came into effect. The USA is thus a safe third country under EU data protection law. The tools we use are certified by the US Department of Commerce for the Data Privacy Framework: Google Inc., Vercel Inc., Meta Platforms Inc. (Instagram, Facebook).

3. Data Transfer Subject to Appropriate Safeguards Pursuant to Art. 46 GDPR

If there is no decision under Art. 45 (3) GDPR, a controller or processor may only transfer personal data to a third country or international organization if the controller or processor has provided appropriate safeguards, and if enforceable rights and effective legal remedies are available to the data subjects.

IV. Storage Duration

Unless a specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under commercial law); in the latter case, deletion will occur after these reasons no longer apply.

V. Data Subject Rights

As a data subject, you have the following rights:

1. Right to access under Art. 15 GDPR: You have the right to request information about your personal data processed by us within the scope specified therein.
2. Right to rectification under Art. 16 GDPR: You have the right to demand the correction of incorrect or completion of your personal data stored by us without delay.
3. Right to erasure under Art. 17 GDPR: You have the right to request the deletion of your personal data stored by us, unless further processing is necessary:

• for exercising the right of freedom of expression and information,
• for compliance with a legal obligation,
• for reasons of public interest, or
• for the establishment, exercise, or defense of legal claims.

4. Right to restriction of processing under Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data where:

• the accuracy of the data is contested by you;
• the processing is unlawful, but you oppose the erasure of the data;
• we no longer need the data, but you need it for the establishment, exercise, or defense of legal claims; or
• you have objected to processing pursuant to Art. 21 GDPR.

5. Right to data portability under Art. 20 GDPR: You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to request the transfer to another controller.
6. Right to lodge a complaint under Art. 77 GDPR: You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your habitual residence. Contact details of the data protection supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
7. Right to object under Art. 21 GDPR: You have the right to object to the processing of your personal data in certain circumstances and to object to direct marketing.

• If data processing is based on Art. 6 (1) lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (objection under Art. 21 (1) GDPR).
• If your personal data are processed for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing at any time.

For questions regarding data collection and processing, please contact us directly at datenschutz@mindtrajour.com.

VI. Data Processing on the Website

Web Hosting and Website Provision

This website is hosted externally. The personal data collected on this website is stored on the servers of the service provider listed below. This includes IP addresses, contact requests, meta and communication data, contract data, contact details, names, and website access logs.

The use of the hosting service is to fulfill our contractual obligations to our customers (Art. 6(1)(b) GDPR) and to ensure a secure and fast provision of the online presence by the professional provider (Art. 6(1)(f) GDPR). The hosting provider will process your data only to the extent necessary to fulfill its service obligations.

The following hosting providers are used:

a. Vercel

Our website uses the data hosting service "Vercel" by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, privacy@vercel.com.

More information on Vercel's handling of user data can be found in their privacy policy at Vercel Privacy Policy.

b. Amazon Web Services (AWS)

Our website uses the data hosting service "AWS" (Amazon Web Services) by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA, aws-security@amazon.com.

More information on AWS's handling of user data can be found in their privacy policy at AWS Privacy Policy.

c. Supabase

Our website uses the data hosting service "Supabase" by Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992.

More information on Supabase's handling of user data can be found in their privacy policy at Supabase Privacy Policy.

Informational Use of the Website

When using the website for informational purposes only, i.e., when visitors do not transmit information separately, we collect personal data that your browser transmits to our server to ensure the stability and security of our website. This constitutes our legitimate interest, thus the legal basis is Art. 6(1)(1)(f) GDPR.

Server Log Data

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address
• Access status/HTTP status code

This data is not merged with other data types.

The collection of this data is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the technically error-free presentation and optimization of our website – for this purpose, the server log files must be recorded.

Cookies on Our Website

What are Cookies?

Cookies are small text files stored on your device when you visit our website. They allow us to save your activities and preferences (such as login data, language, font size, and other display settings) over a certain period, so you don't have to re-enter them each time you visit the website.

What Types of Cookies Do We Use?

We use different types of cookies for various purposes on our website:

• Necessary Cookies: These cookies are essential to enable you to navigate the website and use its basic functions. Without these cookies, certain services cannot be provided.
• Functional Cookies: These cookies allow our website to remember the choices you make (e.g., your username, language, or the region you are in) and provide enhanced, more personalized features.
• Analytical/Performance Cookies: These cookies collect information about how visitors use our website, e.g., which pages are visited most often or if error messages occur. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. They are used only to improve the functionality of our website.
• Advertising Cookies: These cookies are used to make advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns.

We use a cookie consent cookie to determine the cookie settings of users of our website. This cookie is stored locally on the user's device. This is technically necessary for the use of the website and is therefore subject to our legitimate interest, so the legal basis is Art. 6(1)(1)(f) GDPR.

Web Beacons

Our website MindTrajour uses web beacons (also known as "pixel tags" or "clear GIFs"). Web beacons are small graphic files embedded on our web pages or in our emails. They allow us to monitor the behavior of users on our website and the effectiveness of our email campaigns.

a. Purpose of Use

We use web beacons for the following purposes:

Analysis and Improvement: Web beacons help us analyze the use of our website and thus improve our content and services. They allow us to understand which pages are visited, how long a user stays on a page, and what actions they take.

Performance Monitoring: Web beacons enable us to monitor the performance and effectiveness of our website and our email campaigns. This helps us optimize the user experience and ensure that our marketing communications are relevant and engaging.

Marketing and Advertising: Web beacons allow us to measure and understand the effectiveness of our online advertising. They also help us identify user segments most likely to be interested in our offerings.

Contact

Inquiries via Email or Phone

If you contact us via email or phone or the contact form on the website, your request, including the resulting personal data (name, request, email address, phone number), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your request is related to the fulfillment of a contract or necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the inquiries addressed to us (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR), if this was requested.

We delete the data arising in this context after storage is no longer necessary, or restrict the processing if there are statutory retention obligations.

We use the customer relationship management application (CRM) system by Monday.com LLC, Hahashmonaim St 22, Tel Aviv-Yafo, Israel, for storing your data.

More information on the handling of user data can be found in the privacy policy of Monday.com at Monday.com Privacy Policy or privacy@monday.com.

Third-Party Applications in Connection with Our Website

a. Google Analytics (Analytical/Performance Cookies)

We use Google Analytics for website analysis, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis is your consent, Art. 6(1)(a) GDPR, which we obtain through the cookie consent tool. You can revoke your consent at any time. After your consent, Google Analytics processes your data.

More information on the handling of user data can be found in the privacy policy of Google Analytics at Google Analytics Privacy Policy.

b. Google Ads (Analytical/Performance Cookies)

We use Google Advertisement to receive evaluations of our website visitors. It is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis is your consent, Art. 6(1)(a) GDPR, which we obtain through the cookie consent tool. You can revoke your consent at any time. After your consent, Google Advertisement processes your data.

More information on the handling of user data can be found in the privacy policy of Google Analytics at Google Analytics Privacy Policy.

c. Google Tag Manager (Web Beacon)

We use the Google Tag Manager for analyzing our Google Ads, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tracking code that allows us to measure and optimize advertising campaigns and associate user behavior on our website with our Google Ads.

The legal basis is your consent, Art. 6(1)(a) GDPR, which we obtain through the cookie consent tool. You can revoke your consent at any time. After your consent, your data is processed by the Google Tag Manager.

More information on the handling of user data can be found in the privacy policy of Google Analytics at Google Analytics Privacy Policy.

d. Microsoft Clarity (Analytical/Performance Cookies)

We use Microsoft Clarity to optimize the website. It captures user behavior on the website. It is a product of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

The legal basis is your consent, Art. 6(1)(a) GDPR, which we obtain through the cookie consent tool. You can revoke your consent at any time. After your consent, Microsoft Clarity processes your data.

More information on the handling of user data can be found in the privacy policy of Microsoft Clarity at Microsoft Privacy Statement.

e. Beehiiv Newsletter Application

If you have expressly consented according to Art. 6(1)(a) GDPR, we use the data provided by you on our Beehiiv newsletter application, 20 W 22nd St, New York, NY 10010, USA. You can revoke your consent at any time.

More information on the handling of user data can be found in the privacy policy of Beehiiv at Beehiiv Privacy Policy.

Your data will be sent to this newsletter provider for the purpose of sending newsletters. Your consent also applies to this: Through web beacons or tracking pixels that track and transmit various information about you, it is possible for us to see and analyze the following:

• Whether you have opened an email,
• The time of access,
• As well as your IP address.

This data is not used to create a profile.

You can unsubscribe at any time via a link at the end of each newsletter. You can also send your unsubscribe request via email to datenschutz@mindtrajour.com.

For more information on how your data is handled, please refer to the privacy policy of Beehiiv: Beehiiv Privacy Policy.

f. Customer Data Management with Monday.com

To store your contact data, we use the Customer Relationship Management (CRM) system from monday.com LLC, Hahashmonaim St 22, Tel Aviv-Yafo, Israel.

The legal basis for processing is our legitimate interest in responding to inquiries directed at us. The legal basis for processing is therefore Art. 6 Para. 1 S. 1 lit. f GDPR.

For more information on how your data is handled, please refer to the privacy policy of Monday.com: Monday.com Privacy Policy or privacy@monday.com.

g. Google Fonts

To display our website, we use the fonts from Google Fonts, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis for processing is our legitimate interest in ensuring an appealing and uniform presentation of our website. The legal basis for processing is therefore Art. 6 Para. 1 S. 1 lit. f GDPR.

VII. Data Processing in the Login Area, Use of Our MindTrajour Software

Third Parties

a. Session Cookies from Supabase (technically necessary)

Our MindTrajour software uses session cookies from "Supabase" by Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992.

The legal basis is our legitimate interest, Art. 6 Para. 1 lit. f GDPR, as otherwise we cannot ensure a smooth login process into the software.

For more information on how user data is handled, please refer to the Supabase privacy policy: Supabase Privacy Policy.

b. Apple OAuth (technically necessary)

We use the Apple OAuth service from Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA for the login to our MindTrajour software.

The legal basis is your consent, Art. 6 Para. 1 lit. a GDPR, which we obtain through the cookie consent tool. You can withdraw your consent at any time. After your consent, your data will be processed by the Apple OAuth service.

For more information on how user data is handled, please refer to the Apple privacy policy: Apple Privacy Policy.

c. Google OAuth (technically necessary)

We use the Google OAuth service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for the login to our MindTrajour software.

The legal basis is your consent, Art. 6 Para. 1 lit. a GDPR, which we obtain through the cookie consent tool. You can withdraw your consent at any time. After your consent, your data will be processed by the Google Tag Manager.

For more information on how user data is handled, please refer to the Google Analytics privacy policy: Google Privacy Policy.

VIII. Data Processing on Social Media Platforms

We are present on social media networks to introduce our organization and services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles based on their online behavior, which are used to show ads that match the users' interests on the network's pages and elsewhere on the internet. To do this, the network operators store information about user behavior in cookies on the users' computers. It is also possible that the operators combine this information with other data. More information and advice on how users can object to the processing by the site operators can be found in the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located outside the EU, which means they process data there. This can pose risks to users, for example, because enforcing their rights can be more difficult or state authorities can access the data.

If users of the networks contact us via our profiles, we process the data provided to us to respond to the inquiries. This constitutes our legitimate interest, so the legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR.

1. Instagram

We have a profile on "Instagram." The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

For more information and the applicable privacy policy of "Instagram," please refer to: Instagram Privacy Policy.

2. LinkedIn

We have a profile on "LinkedIn." The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

For more information and the applicable privacy policy of "LinkedIn," please refer to: LinkedIn Privacy Policy.

IX. Changes to This Privacy Policy

We reserve the right to change this privacy policy with effect for the future. A current version is always available here.

As of May 24, 2024